Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/S5guVajpiMLIdWgXmopqGVuv67c.roa
File: S5guVajpiMLIdWgXmopqGVuv67c.roa (raw, json)
Hash identifier: p6XvEbGVgZ/Viga/EZbj2nBOPkxT6XM0gR6tDbKCHHI=
Subject key identifier: 4B:98:2E:55:A8:E9:88:C2:C8:75:68:17:9A:8A:6A:19:5B:AF:EB:B7
Certificate issuer: /CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Certificate serial: 018D13D7F023C26A36479AC2818729401E79
Authority key identifier: 75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/S5guVajpiMLIdWgXmopqGVuv67c.roa
Signing time: Tue 16 Jan 2024 19:55:35 +0000
ROA not before: Tue 16 Jan 2024 19:55:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 212667
IP address blocks: 176.56.35.0/24 maxlen: 24
185.234.8.0/24 maxlen: 24
188.95.71.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:d7:f0:23:c2:6a:36:47:9a:c2:81:87:29:40:1e:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=757cefe36b3fcc68a42c0aff81d144980f32777f
Validity
Not Before: Jan 16 19:55:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4b982e55a8e988c2c87568179a8a6a195bafebb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:f3:fa:71:2e:ac:ac:a5:78:fa:d7:13:40:fe:
47:13:66:e3:56:12:30:11:5c:86:10:41:ba:92:31:
de:05:e9:87:91:00:e6:14:43:dd:78:ff:3b:e0:4e:
e9:2d:a4:5c:7f:fa:16:ec:fb:cb:36:fc:5b:81:73:
ce:33:6c:f6:03:0c:d5:8d:b6:12:00:47:fc:8f:d4:
90:8d:66:77:1a:57:cc:89:11:0d:db:80:2e:a8:1c:
c0:55:13:1f:5f:6c:ea:1a:17:87:af:0e:27:55:95:
4d:87:9f:8f:d3:b0:34:de:c9:c8:dc:24:51:a8:f1:
70:ce:07:42:a8:48:78:26:ba:fc:4d:0d:8e:bf:b8:
62:df:6e:62:7e:8d:a0:41:2f:87:28:06:71:df:17:
5b:9e:48:92:cc:20:8f:58:ab:95:58:7f:38:9a:2c:
2b:d4:25:8e:35:7d:0a:21:80:55:c3:37:a8:93:e6:
37:67:e1:0c:42:8d:bf:7b:9a:41:15:22:c6:b7:a3:
c8:ae:fb:f4:dc:2a:ca:a0:96:d8:15:65:c9:0e:88:
53:e2:47:9d:62:7e:a0:1d:ac:26:ed:2a:ca:3b:fd:
70:db:d5:ab:85:7a:ef:fe:98:5e:3a:c1:77:61:80:
ac:ca:9d:10:c9:70:68:5a:ec:13:a5:9f:d8:e5:2c:
e8:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:98:2E:55:A8:E9:88:C2:C8:75:68:17:9A:8A:6A:19:5B:AF:EB:B7
X509v3 Authority Key Identifier:
keyid:75:7C:EF:E3:6B:3F:CC:68:A4:2C:0A:FF:81:D1:44:98:0F:32:77:7F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dXzv42s_zGikLAr_gdFEmA8yd38.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/S5guVajpiMLIdWgXmopqGVuv67c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/972db6-770f-4462-9fc7-ee9b9517f2ec/1/dXzv42s_zGikLAr_gdFEmA8yd38.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.56.35.0/24
185.234.8.0/24
188.95.71.0/24
Signature Algorithm: sha256WithRSAEncryption
0a:f7:8d:70:08:2a:c8:08:e1:fa:06:db:9f:89:5d:40:47:4d:
91:f2:9b:20:44:14:b0:07:b2:75:ea:57:e3:5d:5b:05:d5:97:
f8:6a:91:ec:44:39:34:26:a1:7b:db:f7:af:87:ef:35:de:ae:
7a:00:43:0c:44:f4:3e:b7:98:da:0a:c8:28:46:37:52:da:38:
78:42:50:8f:f3:4d:a0:a1:56:73:78:b8:83:d8:b7:2e:29:a5:
3f:d8:b5:39:da:bb:14:32:6b:4e:7a:d7:d1:8a:30:b2:ad:75:
ee:22:95:cf:f4:6f:f8:df:b8:ff:3a:28:bf:c8:d0:02:47:2f:
86:c0:b5:84:23:86:98:f8:37:30:c9:42:93:b1:a7:fc:b7:42:
79:41:07:34:66:97:8a:a8:b9:ff:94:73:76:22:b4:2a:db:3d:
a7:5f:bd:fb:2a:81:e3:a6:24:84:b0:47:09:68:3c:8f:ee:3b:
0c:73:fc:5d:6d:3f:89:6b:db:3b:4a:02:6b:f4:1d:49:94:d6:
ba:12:a2:cb:94:d7:c1:5c:2a:a5:84:56:3f:1f:ac:6c:3d:14:
c9:50:f8:a1:53:c6:83:fb:eb:74:ce:27:d8:7a:4e:d7:c0:9b:
d9:45:8b:51:f2:8a:21:9d:a6:0d:f0:84:5a:89:51:7b:39:c2:
b1:27:3a:6e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY0T1/Ajwmo2R5rCgYcpQB55MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1N2NlZmUzNmIzZmNjNjhhNDJjMGFmZjgxZDE0NDk4MGYz
Mjc3N2YwHhcNMjQwMTE2MTk1NTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yjk4MmU1NWE4ZTk4OGMyYzg3NTY4MTc5YThhNmExOTViYWZlYmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/P6cS6srKV4+tcTQP5HE2bjVhIw
EVyGEEG6kjHeBemHkQDmFEPdeP874E7pLaRcf/oW7PvLNvxbgXPOM2z2AwzVjbYS
AEf8j9SQjWZ3GlfMiREN24AuqBzAVRMfX2zqGheHrw4nVZVNh5+P07A03snI3CRR
qPFwzgdCqEh4Jrr8TQ2Ov7hi325ifo2gQS+HKAZx3xdbnkiSzCCPWKuVWH84miwr
1CWONX0KIYBVwzeok+Y3Z+EMQo2/e5pBFSLGt6PIrvv03CrKoJbYFWXJDohT4ked
Yn6gHawm7SrKO/1w29WrhXrv/pheOsF3YYCsyp0QyXBoWuwTpZ/Y5SzogQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEuYLlWo6YjCyHVoF5qKahlbr+u3MB8GA1UdIwQY
MBaAFHV87+NrP8xopCwK/4HRRJgPMnd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzct
ZWU5Yjk1MTdmMmVjLzEvUzVndVZhanBpTUxJZFdnWG1vcHFHVnV2NjdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC85NzJkYjYtNzcwZi00NDYyLTlmYzctZWU5Yjk1MTdmMmVj
LzEvZFh6djQyc196R2lrTEFyX2dkRkVtQTh5ZDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAsDgjAwQA
ueoIAwQAvF9HMA0GCSqGSIb3DQEBCwUAA4IBAQAK941wCCrICOH6BtufiV1AR02R
8psgRBSwB7J16lfjXVsF1Zf4apHsRDk0JqF72/evh+813q56AEMMRPQ+t5jaCsgo
RjdS2jh4QlCP802goVZzeLiD2LcuKaU/2LU52rsUMmtOetfRijCyrXXuIpXP9G/4
37j/Oii/yNACRy+GwLWEI4aY+DcwyUKTsaf8t0J5QQc0ZpeKqLn/lHN2IrQq2z2n
X737KoHjpiSEsEcJaDyP7jsMc/xdbT+Ja9s7SgJr9B1JlNa6EqLLlNfBXCqlhFY/
H6xsPRTJUPihU8aD++t0zifYek7XwJvZRYtR8oohnaYN8IRaiVF7OcKxJzpu
-----END CERTIFICATE-----
Generated at Fri Apr 18 21:11:17 2025 by rpki-client